Vroom leaked personal and banking data of 27,000 Australians

Australia’s largest online car loan marketplace Vroom by YouX has been the victim of a massive leak — more than 27,000 records with driver’s licenses, banking details and even medical documents of customers were found online.

The fintech company specializing in car loans left an unprotected database without a password — scans of driver’s licenses, bank statements, documents with partial credit card numbers, as well as medical and employment data for 2022–2025 were publicly available.

• Researcher Jeremiah Fowler reported the Vroom leak and passed the data to the Website Planet team. The company promptly restricted access, and also promised to conduct an internal audit and develop a plan to inform customers.
• In a statement, Vroom said it has not yet identified any evidence of the data being used, but acknowledged the seriousness of the situation. Vroom has been in business since 2022 and actively collects customers’ personal and financial documents for loan approval.

However, basic protections for this data, such as passwords, multi-factor authentication, or encryption, are lacking. Experts say even partial credit card information can easily be honed by hackers from previous leaks or used in phishing schemes.

This incident is another reminder that in the world of digital data, non-existent security is the silent treatment before a strike. Vroom has not only put its customers at risk, but also its own reputation by leaving the door wide open for a potential attack.